About HIPS feature...

Hi,

Will the HIPS feature be intelligent, i.e. like a behavior blocker, or will it always prompt the user if the item is not on the safe list?

Regards

The HIPS in the AV or the HIPS in the firewall?

I believe the HIPS in the AV will be application focussed and will be intelligent and have a whitelist. These are just assumptions and a little bit of between-the-lines reading.

cheers,
Ewen :slight_smile:

I thought that only the AV will have the HIPS feature…

So I would like to know the difference between them?

Very good question. Also, will they interfere with other HIPS applications or each other? Is it going to be able to stop untrusted processes or just detect them or not at all? Is it simply going to prevent on the executable level and not worry about already running processes or will it detect (if detects) untrusted processes that say, were running prior to install? Or execs for that matter or does it prevent and not concern with what may be on the system prior? I feel a news article coming on… :wink:

Paul

I’m only reading between the lines of what Melih and the other Comodo staff have posted here, but my take on it is that CAVS2 will have application focussed HIPS (monitoring the actions of unknown apps) and a future version of CPF will have a more traditional HIPS (monitoring the system entry vectors).

I could be wrong, but I wouldn’t bet against it. :wink:

Cheers,
Ewen :slight_smile:

A behaviour blocker is different in that it checks a behaviour and alerts only if it finds it suspicious.

HIPS in CAVS does not take risks!
It controls any “process creation” and “drivers”. So anyone trying to launch an app will be caught by CAVS, checked against the safelist; if in, allow, if not, alert the user. Same with drivers, hence say bye bye to rootkits :).

Melih
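Added example (not part of the original thread and not Comodo's code): a minimal model of the two approaches contrasted in the post above, run over a constructed event stream. Identifying safelisted files by SHA-256 and the names in `SUSPICIOUS` are assumptions made for illustration.

```python
import hashlib

def digest(image: bytes) -> str:
    # Assumption: the safelist identifies files by SHA-256; the thread does not say how.
    return hashlib.sha256(image).hexdigest()

# Constructed safelist of known-good images.
SAFELIST = {digest(b"notepad-binary"), digest(b"vendor-driver")}

# Hypothetical behaviours a behaviour blocker would treat as suspicious.
SUSPICIOUS = {"inject_remote_thread", "modify_autorun"}

# Constructed events: (event type, image name, image bytes, observed behaviours).
EVENTS = [
    ("process_create", "notepad.exe", b"notepad-binary", []),
    ("process_create", "newtool.exe", b"newtool-binary", []),
    ("driver_load", "vendor.sys", b"vendor-driver", []),
    ("driver_load", "unknown.sys", b"unknown-driver", []),
    ("process_create", "updater.exe", b"updater-binary", ["modify_autorun"]),
]

def hips_decision(event):
    """Safelist HIPS: every process creation or driver load is checked;
    anything not on the safelist raises an alert, whatever it does."""
    kind, _name, image, _behaviours = event
    if kind not in ("process_create", "driver_load"):
        return "ignore"
    return "allow" if digest(image) in SAFELIST else "alert"

def bb_decision(event):
    """Behaviour blocker: alerts only when an observed behaviour is suspicious."""
    _kind, _name, _image, behaviours = event
    return "alert" if SUSPICIOUS.intersection(behaviours) else "allow"

def compare(events):
    # One row per event: (image name, HIPS verdict, behaviour-blocker verdict).
    return [(e[1], hips_decision(e), bb_decision(e)) for e in events]

if __name__ == "__main__":
    for name, hips, bb in compare(EVENTS):
        print(f"{name:12} HIPS={hips:5} BB={bb}")
```

The safelist model alerts on every unknown image, including the unknown driver, while the behaviour-based model stays silent until something it recognises as suspicious is observed.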

“If you love something, let it go”

Release the beta, Melih.

LOL

Behaviour blocker is less annoying, but not so powerful.

And what will be the difference between the HIPS for CAVS and for CPF?

CAVS will do mainly application firewalling using HIPS
CPF will have full HIPS…

Melih

I’m not a fan of the current HIPS, so I don’t think that I will use it on CPF, but we will see…

I prefer an intelligent Behavior Blocker (BB), so if you can develop a solution where the users can choose between HIPS or BB, it will be good for all…

Why don’t you like HIPS?

Is it because it’s noisy?

Melih

Computers were made to produce and help, not to become security paranoid…

I prefer a program that alerts me about a possible threat instead of alerting me about all the files that I run, even if you have a huge safe list that will reduce the alerts.
A lot of users will not use the HIPS of CAVS or will just click yes on every alert…

You can use the safe list to improve the AV performance, and that is a great feature, but the rest is not for me…

I do agree that the current HIPS is a bit noisy, maybe make it an option for some? Also, I noticed some programs that use HIPS set an overall rule for the app so you don’t get too many pops. So an on/off for HIPS, rules, etc… Is this a possibility? Is this the way it will be worked?

Paul

We are aiming for a HIPS that does not generate alerts, cos it has almost all files in its list!
That way the noise level will be acceptable.

Melih

Good thinkin’ (:WIN)

Paul

For your program it is better to have a HIPS like that, because you will add a lot of new items to the safe list…

I know users that like this kind of protection, but I prefer to just control what programs will run with Windows, incoming/outgoing network, about possible threats, and the rest is to other things… :slight_smile:

Like you said, you, the Comodo Team, always listen to the users’ suggestions, so I suggest a Behavior Blocker for COMODO, as an option, so the user can decide what he likes more… :wink:

How could you be fast enough to add new programs to the safelist before we use them?

Behaviour Blocker :slight_smile:

Consider it done, VC :slight_smile:

PS: we already have a version that works, the guys are finalising it (:WIN)

Melih

:SMLR

Many methods, but one of the most important ones:

We check the publishers’ websites regularly.

Melih

Glad to hear that :slight_smile:

Hope that we could have a standalone application with that…